San Diego — 15 November, 2013: The General Accounting Office (GAO) issued its long-awaited report on data brokers, INFORMATION RESELLERS: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace. The report discusses key World Privacy Forum testimony and research. “We are pleased with the GAO report,” said Pam Dixon, Executive Director of the World Privacy Forum. “In particular, we are glad the GAO highlighted our work calling for a stop to the selling of people’s sensitive medical and health information for marketing purposes. This is a practice that is causing great harm, the GAO made the right call in pointing out new controls are needed.” This press release includes links to the GAO report, to Dixon’s Congressional testimony, and to the WPF report discussed by the GAO.

This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.

The US federal government uses commercial data brokers [1] extensively for a wide variety of governmental activities. It is unquestioned that the government provides considerable revenue to commercial data brokers. How much? A reasonable and conservative estimate is that the number ranges in the billions of dollars. Over the course of the last 20 years, the extent of the relationship has become clear through a series of detailed investigations and scholarly research. For background purposes, we reference a leading study and discuss a newer use. This report does not seek to reinvestigate and re-document known uses.

OMB should establish privacy standards that are at least a good as those in and recommended for the Do Not Pay Initiative to cover all government purchases of commercial databases with personal information. OMB should consider accomplishing an expansion by establishing a task force that includes representatives of consumer and privacy groups.

To score is human. Ranking individuals by grades and other performance numbers is as old as human society. Consumer scores — numbers given to individuals to describe or predict their characteristics, habits, or predilections — are a modern day numeric shorthand that ranks, separates, sifts, and otherwise categorizes individuals and also predicts their potential future actions. This new report by Pam Dixon and Robert Gellman explores this issue of predictive scores and privacy.

This Jan. 30, 2014 report discusses a new right to restrict disclosure of health information under the updated HIPAA health privacy rule. The new provision called “Pay Out of Pocket,” also called the “Right to Restrict Disclosure” gives patients the right to request that their health care provider not report or disclose their information to their health plans when they pay for medical services in full. Navigating the new right will take effort and planning for patients to utilize effectively. This substance of this report is about the new patient right to restrict disclosure, and how patients can use it to protect health privacy.

This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.